Cyber Security for the Financial Services Industry - What You Need to Know

The financial services industry is among the top five targets for hackers in 2018, and this trend shows no signs of slowing down. More than 200 million financial services records were breached last year, a 900 percent increase over the year prior. Recent data also shows that cybercrime costs the financial services sector more than any other industry, so the call to action is an immediate one. If your business is in finance, it is time for an IT security audit, and that begins with a better understanding of what you and your staff need to know before building your new cybersecurity strategy.

Traditional antivirus (AV) has become so ineffective that it can barely protect the average small business, much less a financial services institution. Traditional AV detects known threats through three mechanisms: byte-pattern (signature) matching, hash matching, and heuristics. The first two compare a file against a catalogue of malware that has already been seen, so an attacker only needs to change a single byte, or repack the file, to produce a variant with a new hash and a broken signature. Heuristics score properties of a file rather than its exact bytes, so they survive that kind of trivial edit, but an attacker who knows which property the heuristic keys on can alter that one property just as easily. Either way, the catalogue is always one step behind the newest variant.
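The following added example (written for this page, not code from the original article or from any AV vendor) puts the three mechanisms side by side on a constructed, inert byte string that stands in for a malicious file. It shows that a single byte change defeats hash matching and byte-signature matching at once, that a simple heuristic (counting injection-related API names) survives that same change, and that a second one-byte change aimed at the property the heuristic measures defeats it too. The sample bytes, signature, API list and threshold are all assumptions chosen for illustration.

```python
import hashlib

# Constructed stand-in for a malicious executable: an MZ header, a cluster of
# API names typical of process injection, and a command line. It is inert data,
# not real malware, and exists only to show how each detection technique reacts
# to a one-byte change.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"CreateRemoteThread\x00WriteProcessMemory\x00VirtualAllocEx\x00"
    + b"A" * 40
    + b"cmd.exe /c powershell -enc " + b"\x00" * 16
)

# 1. Hash matching: the exact SHA-256 of a file already known to be bad.
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE).hexdigest()}

# 2. Byte matching: a fixed byte pattern lifted from that known-bad file.
BYTE_SIGNATURES = [b"CreateRemoteThread\x00WriteProcessMemory"]

# 3. Heuristics: a score over a property of the file (here, how many
#    injection-related API names appear anywhere in it) against a threshold.
SUSPICIOUS_APIS = [b"CreateRemoteThread", b"WriteProcessMemory", b"VirtualAllocEx"]
HEURISTIC_THRESHOLD = 3


def hash_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


def signature_match(data: bytes) -> bool:
    return any(sig in data for sig in BYTE_SIGNATURES)


def heuristic_score(data: bytes) -> int:
    return sum(1 for api in SUSPICIOUS_APIS if api in data)


def heuristic_match(data: bytes) -> bool:
    return heuristic_score(data) >= HEURISTIC_THRESHOLD


def scan(data: bytes) -> dict:
    """Run all three detectors and report which ones fire."""
    return {
        "hash": hash_match(data),
        "signature": signature_match(data),
        "heuristic": heuristic_match(data),
    }


def set_byte(data: bytes, offset: int, value: int) -> bytes:
    """Return a copy of data with one byte replaced, as a hex edit or repacker would."""
    return data[:offset] + bytes([value]) + data[offset + 1:]


# Variant 1: one byte changed. The NUL between two API names becomes a space, so
# the hash no longer matches and the byte signature no longer lines up, but every
# API name is still present and the heuristic still fires.
SEPARATOR_OFFSET = SAMPLE.index(b"CreateRemoteThread") + len(b"CreateRemoteThread")
VARIANT_1 = set_byte(SAMPLE, SEPARATOR_OFFSET, 0x20)

# Variant 2: one more byte changed, this time inside an API name, which is the
# specific property the heuristic keys on; the score drops below the threshold.
API_OFFSET = SAMPLE.index(b"VirtualAllocEx") + 7
VARIANT_2 = set_byte(VARIANT_1, API_OFFSET, 0x20)


if __name__ == "__main__":
    for label, blob in (("original", SAMPLE),
                        ("one byte changed", VARIANT_1),
                        ("two bytes changed", VARIANT_2)):
        print(f"{label:18} {scan(blob)}")
```

The practical reading: a hash or byte signature is only as good as the catalogue it came from, and every repacked build of the same malware starts that catalogue from zero. Heuristics raise the bar, but only until the attacker learns which property is being scored.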

To fill the gap left by antiquated AV, advances in artificial intelligence (AI) and machine learning have become the go-to solution. Instead of looking a file up in a catalogue, a machine-learning model is trained on features extracted from large sets of benign and malicious files, so it can score a file it has never seen before and block it before it executes; that is how it detects and prevents advanced threats that traditional AV tools cannot. The problem is that current reports show that only 26 percent of financial-service companies have actually deployed AI security technologies.

Your first order of business as a financial services provider is to deploy an endpoint threat protection solution built on AI and machine learning, such as CylancePROTECT, a tool that Fully Managed applies to your business to keep you and your clients safe from ransomware, malware, malicious documents, and other advanced threats, including those that have yet to appear. From there, your entire organization will have taken one major step toward mitigating the risk of a data breach.

2. Staying on Top of Regulatory Compliance (it’s bigger than you think)

As with the healthcare industry in Canada, financial service providers must comply with Canada's data privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA). As an organization, you likely prioritize protection for the data that falls within the scope of PIPEDA. That is no longer enough. There has been a global change, one that took effect this month (May 2018).

The European Union (EU) adopted the General Data Protection Regulation (GDPR) in 2016 as a substantial revamp of its privacy laws for processing personal data; the compliance deadline was May 25, 2018. So what does this have to do with you, a Canadian business in the financial sector? Although it is EU legislation, the GDPR applies to businesses and organizations anywhere in the world that offer goods or services to people in the EU, or monitor their behaviour, regardless of where the data is processed. For the financial services industry in Canada, the GDPR is particularly relevant. Major Canadian banks operate in the EU for a wide variety of purposes, including facilitating direct foreign investment and managing local investors and transactions between EU citizens and businesses and their counterparts in Canada. Something as simple as a newsletter subscriber database that contains a single EU resident can bring you within the GDPR's reach. And what is the penalty? Fines for non-compliance can reach €20 million (over $30 million CAD) or 4 percent of global annual turnover, whichever is higher.

The only way for a financial services firm to keep up with all of its regulatory compliance obligations is to protect all data held by, or transferred through, the business. Nothing should be left outside your cybersecurity loop.

3. Internal Threats

Unfortunately, one of the top four cybersecurity threats to businesses in 2018 comes from within. The financial services sector has historically been more stringent about background checks, but screening out applicants with criminal records will not prepare you for the fact that hacking groups recruit ordinary employees from inside your company, especially during times of uncertainty, when staff may be disgruntled or fear for their own job security.

Moving forward, your company must put safeguards in place that limit the scope and privileges of key IT administrators. Restrict access to data to the staff who genuinely require it for their role, and at the same time deploy monitoring that can flag suspicious behaviour, such as access to records outside an employee's role, activity at unusual hours, or bulk access to customer data.
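The following added example (written for this page, not code from the original article or from any product) shows what the two halves of that recommendation look like in practice: a least-privilege map of which actions each role may perform, and detection logic that runs over application audit records to flag out-of-role access, off-hours activity, and bulk reads of customer accounts. The log format, the role and action names, the business-hours window and the bulk threshold are all assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Least-privilege map (hypothetical roles and actions): the only actions each
# role is expected to perform. Anything else is a policy violation worth a look,
# whether or not the application allowed it.
ROLE_PERMISSIONS = {
    "teller": {"view_account"},
    "analyst": {"view_account", "run_report"},
    "dba": {"query_table"},
}
BUSINESS_HOURS = range(7, 19)        # 07:00 to 18:59 UTC counts as normal
BULK_THRESHOLD = 5                   # distinct accounts viewed ...
BULK_WINDOW = timedelta(minutes=10)  # ... within this window triggers an alert

# Constructed sample audit log (not real data) in a hypothetical key=value format.
AUDIT_LOG = """\
2018-05-14T09:12:03Z user=jsmith role=teller action=view_account account=1001 result=ok
2018-05-14T09:14:41Z user=jsmith role=teller action=view_account account=1002 result=ok
2018-05-14T09:20:00Z user=mchen role=teller action=export_accounts account=* result=denied
2018-05-14T13:05:10Z user=rpatel role=dba action=query_table table=customers result=ok
2018-05-14T14:00:00Z user=akumar role=analyst action=view_account account=2001 result=ok
2018-05-14T14:00:31Z user=akumar role=analyst action=view_account account=2002 result=ok
2018-05-14T14:01:02Z user=akumar role=analyst action=view_account account=2003 result=ok
2018-05-14T14:01:40Z user=akumar role=analyst action=view_account account=2004 result=ok
2018-05-14T14:02:15Z user=akumar role=analyst action=view_account account=2005 result=ok
2018-05-14T14:02:50Z user=akumar role=analyst action=view_account account=2006 result=ok
2018-05-14T23:41:09Z user=rpatel role=dba action=query_table table=customers result=ok
"""


def parse_line(line: str) -> dict:
    """Turn one 'timestamp key=value ...' record into a dict with a datetime 'ts'."""
    ts_text, *fields = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect(log_text: str) -> list:
    """Return one alert dict per suspicious event; an empty list means nothing fired."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    windows = defaultdict(deque)   # per-user sliding window of (ts, account)
    bulk_alerted = set()           # alert once per user per run, not once per event

    for ev in events:
        user, role, action, ts = ev.get("user"), ev.get("role"), ev.get("action"), ev["ts"]

        # Rule 1: action outside the role's least-privilege set. A denied attempt
        # is still reported, because the attempt itself is the signal.
        if action not in ROLE_PERMISSIONS.get(role, set()):
            alerts.append({"rule": "outside_role", "user": user, "ts": ts,
                           "detail": f"{role} attempted {action} ({ev.get('result')})"})

        # Rule 2: activity outside business hours.
        if ts.hour not in BUSINESS_HOURS:
            alerts.append({"rule": "off_hours", "user": user, "ts": ts,
                           "detail": f"{action} at {ts:%H:%M}Z"})

        # Rule 3: many distinct accounts viewed in a short window (bulk access).
        if action == "view_account":
            win = windows[user]
            win.append((ts, ev.get("account")))
            while win and ts - win[0][0] > BULK_WINDOW:
                win.popleft()
            distinct = {acct for _, acct in win}
            if len(distinct) >= BULK_THRESHOLD and user not in bulk_alerted:
                bulk_alerted.add(user)
                alerts.append({"rule": "bulk_access", "user": user, "ts": ts,
                               "detail": f"{len(distinct)} accounts in {BULK_WINDOW}"})
    return alerts


if __name__ == "__main__":
    for alert in detect(AUDIT_LOG):
        print(f"{alert['ts']:%Y-%m-%d %H:%M}Z {alert['rule']:13} {alert['user']:8} {alert['detail']}")
```

In this sample the teller who reads two accounts during the day produces nothing, while the denied export attempt, the late-night database query, and the analyst paging through six accounts in three minutes each produce an alert. The thresholds are deliberately simple; in production they would be tuned per role from observed baselines, and the role field would come from the identity system rather than from the application's own log line.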

There is no grey area about what to do here. Have everyone in your organization follow these 6 password guidelines, which will help your financial services firm stay free from cybercrime.

5. Adopt a More Secure SaaS

The dedicated software and hardware you use to manage financial services should certainly receive a cybersecurity audit from a managed services provider. However, the everyday SaaS platforms your staff rely on often get far less attention, and they are another way hackers look to get in the door. Your current methods of accessing email, instant messaging, documentation, file sharing, remote access, and cloud storage may all serve as a gateway for cybercriminals. Make sure the SaaS you adopt was built under a Security Development Lifecycle (SDL): a mandatory process, originated by Microsoft for its own products, that integrates security requirements into every phase of development. Microsoft Office 365 is a business suite developed under that process.

Adopting Office 365 on its own, however, is not enough to ensure optimal security for your SaaS. Migrate with the assistance of a Microsoft Gold Certified Partner so that your financial services firm takes full advantage of its business tools in the most secure manner possible.